Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted perl 5.32.1-4+deb11u5 (source) into oldoldstable-security
Date: Sat, 18 Apr 2026 09:00:16 +0000
Signed by: Sylvain Beucler <beuc@beuc.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Apr 2026 20:30:38 +0200
Source: perl
Architecture: source
Version: 5.32.1-4+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 1098226
Changes:
 perl (5.32.1-4+deb11u5) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-40909: Perl threads have a working directory race condition
     where file operations may target unintended paths. If a directory
     handle is open at thread creation, the process-wide current working
     directory is temporarily changed in order to clone that handle for the
     new thread, which is visible from any third (or more) thread already
     running. This may lead to unintended operations such as loading code
     or accessing files from unexpected locations, which a local attacker
     may be able to exploit. (Closes: #1098226)
   * Update debian/salsa-ci.yml for LTS.
Checksums-Sha1:
 3881594e49cf09c3db2bb051e4f890df7be5ec8d 2893 perl_5.32.1-4+deb11u5.dsc
 54a6edeb0ad3b9a0afe089d85e5e743b730b18c5 871331 perl_5.32.1.orig-regen-configure.tar.gz
 1fb4f710d139da1e1a3e1fa4eaba201fcaa8e18e 12610988 perl_5.32.1.orig.tar.xz
 42a7b2130cc6417a29952c02670f20a542a0d216 173764 perl_5.32.1-4+deb11u5.debian.tar.xz
 b6ad9a7f06b92cc4e1a3e373f6cf06df878845a9 6209 perl_5.32.1-4+deb11u5_source.buildinfo
Checksums-Sha256:
 16068c67a051887f661beabb6bb63211241e347823c66e1ada49a596c4e55d9a 2893 perl_5.32.1-4+deb11u5.dsc
 1d179b41283f12ad83f9758430f6ddc49bdf20db5c396aeae7e51ebb4e4afd29 871331 perl_5.32.1.orig-regen-configure.tar.gz
 57cc47c735c8300a8ce2fa0643507b44c4ae59012bfdad0121313db639e02309 12610988 perl_5.32.1.orig.tar.xz
 7ff54cb58e60d0dac81b2b644f937edcb226c60ecd25f665a2f372ac9862caf7 173764 perl_5.32.1-4+deb11u5.debian.tar.xz
 c192cf1e840f4e1842fb9a05244d1243b308d3cdc8bac6978667df92e5638137 6209 perl_5.32.1-4+deb11u5_source.buildinfo
Files:
 160b91de89afd088a6b6e8ee6241e110 2893 perl standard perl_5.32.1-4+deb11u5.dsc
 377ac050e8c90f3361fec97d91e96469 871331 perl standard perl_5.32.1.orig-regen-configure.tar.gz
 7f104064b906ad8c7329ca5e409a32d7 12610988 perl standard perl_5.32.1.orig.tar.xz
 990e02af114a33ef3509719f7a2f304c 173764 perl standard perl_5.32.1-4+deb11u5.debian.tar.xz
 e03620539bb8d0808017e7dbfbbbfdc0 6209 perl standard perl_5.32.1-4+deb11u5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmnjRU0ACgkQDTl9HeUl
XjBBLw/9E9V6Hw6ThvB920JzOiZ8cMKhfF0p0DS5d3oQI0qDQLxoZMz+VRo2UzXN
QQ8Lff8vfyOJ8OxsJES/Q7eL09IavVrcRRkgJbOCGAUdR8oRBZXCneC0JEyrT+Tb
T6W30q1e5tfJboqhtL6aVBu7hCyItB+N66oiEGeZvq6aLLLqIgYReKT1MK2TLNnI
u+/46shJ+TxbjncRXm22tATwo5azlXt51HFimS9HeYWW/aZLU4fgnbSf/527z973
gGuNpQxDTgu4tVMg3ZM8PmHFhag0xyZDOpHysEkiMVuAsq72Rl89USGfFWzBcuMH
w7ZwoVVl+PigozM7T3oBOSisj3UqpzbO7/UHVgn9Kj8hdSAI9oAlVlS2UIJKEIzY
JuB5qn0r0aTTvX8JxEaMs29/qAhHwJZ0M5eL+YEU+/kmIxh+t9qRTMezVXR4a8B3
V3P3tph7BK7UG+R8fMNTgL3YhMs5c45HVHn8/b0V1R98ghaCHSZgecAXtfJcO4ov
xwtihdnekfE+TXEmNbeVUPeLk5Bbx5fd2pVJnWhefORDwlr4n5mBMUefff4DDxTW
lCSzacEhLoTrfaBl/St5k0qeJnD+lwhSBQvizepyiuV5htJPV0EepwQ26XcCUMYt
CPTMcRIpt/QUwedzkKABmpS4VTpS+a+aoKTPhCImgLIcn2Yo1bg=
=yzbM
-----END PGP SIGNATURE-----
News for package perl
